Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. The specific flaw exists within the product update mechanism. By creating a junction, an attacker can abuse the updater to delete a folder. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. This could potentially lead to complete compromise of the affected system, allowing the attacker to gain full control over the machine, access sensitive information, modify or delete data, and perform any actions with system-level privileges.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000296151
1. Apply the patch provided by Trend Micro as soon as possible.
2. Limit user privileges and ensure the principle of least privilege is followed to reduce the risk of initial low-privileged code execution.
3. Monitor systems for suspicious activities, especially those related to the product update mechanism of Trend Micro Apex One Security Agent.
4. Implement strong access controls and network segmentation to limit the potential spread if a system is compromised.
5. Regularly update and patch all software, not just the affected Trend Micro product, to reduce overall system vulnerabilities.
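As an added example for the monitoring step (not Trend Micro's code and not part of the advisory): a Python audit that lists symlinks and Windows reparse points, junctions included, under a folder that a privileged process cleans up, and flags those that resolve outside it, which is the CWE-59 pattern described above. The folder names are hypothetical and the sample tree is constructed.

```python
import os
import stat
import tempfile

def is_link_like(path):
    """True for a symlink or, on Windows, any reparse point (junctions included)."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def inside(root_real, target):
    try:
        return os.path.commonpath([root_real, target]) == root_real
    except ValueError:  # e.g. different drives on Windows
        return False

def audit_links(root):
    """Return (path, resolved_target, escapes_root) for each link under root."""
    root_real = os.path.realpath(root)
    findings = []
    if is_link_like(root):  # the audited folder itself has been replaced by a link
        findings.append((root, root_real, True))
        return findings
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames) + filenames:
            path = os.path.join(dirpath, name)
            if not is_link_like(path):
                continue
            target = os.path.realpath(path)
            findings.append((path, target, not inside(root_real, target)))
            if name in dirnames:
                dirnames.remove(name)  # never descend through a link
    return findings

def demo():
    """Constructed sample: symlinks stand in for junctions so it runs anywhere."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "update_cache")   # hypothetical audited folder
    outside = os.path.join(base, "protected")   # hypothetical folder outside it
    os.makedirs(os.path.join(root, "real"))
    os.makedirs(outside)
    os.symlink(outside, os.path.join(root, "staged"))
    os.symlink(os.path.join(root, "real"), os.path.join(root, "alias"))
    return sorted((os.path.basename(p), esc) for p, _, esc in audit_links(root))

if __name__ == "__main__":
    for name, escapes in demo():
        print(f"{name}: {'ESCAPES audited root' if escapes else 'stays inside'}")
```

An audit like this is a point-in-time check: a link created after the scan is not seen, so it complements the vendor patch and does not replace it.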
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2023-52094.
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2023-52094
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (379319)
EPSS Score was set to: 0.05% (Percentile: 12.6%)
A CVSS base score of 7.8 has been assigned.